yeah passwords is the one I'm most worried about, that's the keys to the kingdom.

If my threat model includes backdoored hardware, I'm in a bad place as (I'd expect) would most people be.